1. Technical Field
The present invention relates generally to local area networks (LAN), and particularly to security on LANs. More specifically, the present invention relates to a method and system for preventing address resolution protocol (ARP) cache poisoning on a LAN.
2. Description of the Related Art
With the expanding utilization of electronic networks to support personal/secure data transactions and data communications, enhanced network security is a commodity desired by those designing/configuring, setting up, managing, and using electronic networks. Conventional local area networks (LANs), for example, now include servers and client systems that only allow users of the client systems to access and interact with the information stored on the network after the user has been authenticated by the access device (e.g., client system).
One of the more common addressing protocols utilized within conventional LANs is the address resolution protocol (ARP). ARP, and the functionality attributed to it, is well known in the art. The ARP protocol is utilized to “map” IP addresses to MAC addresses. When a host system receives an ARP request, the router adds an entry to its ARP cache that maps the IP address to the MAC address of the device. This entry is later utilized to route/forward data packets received by the router and addressed to that IP address to the correct device (identified by the MAC address). The ARP request is broadcast to all nodes on the LAN and instructs the nodes whose ARP cache contains this IP address to change the MAC address associated with the IP address in their cache to the MAC address of the device.
The received ARP request includes the MAC and IP addresses of the device that initiated the ARP request as well as the IP address of the stack. An ARP response is generated by a receiving system, including the MAC address of the stack.
ARP makes use of broadcasts and does not have any form of authentication process. Because of these characteristics, ARP is particularly vulnerable to attack by unauthorized users. One type of attack commonly made using ARP involves the use of spoofed ARP responses. With spoofed ARP responses, an attacker is able to take the place of another device in the LAN for sending and receiving packets. Also, the attacker may implement what is referred to in the art as a “man-in-the-middle” attack, which allows the attacker to intercept all packets from a source and replay the packets.
The above-described attacks, based on inherent limitations in the protocol, become a problem for security within LANs and make even secure LANs susceptible to security attacks from the inside. For example, the practice of ARP cache poisoning is a well-known attempt at breaching network security. The attacker “poisons” the ARP cache of unprotected systems by sending fake ARP responses that are automatically placed in the ARP cache of the victim device (or host). Once the attacker has successfully corrupted the ARP cache of a victim host, the attacker is then able to perform a “man-in-the-middle” attack to read/detect private network traffic (e.g., passwords, etc.). While this particular attack must be performed by someone on the LAN, the attack is still considered a security breach.
Several different solutions to prevent this man-in-the-middle attack currently exist. Among these solutions, a first solution involves hard-coding permanent ARP entries in an ARP lookup table. These entries cannot be overwritten by incoming ARP responses. The main drawback to this solution is that, since the ARP entries are hard-coded by an administrator, the entries must be maintained whenever any information changes within the LAN (e.g., a new host is added, a hostname changes, additional Ethernet cards are installed, etc.). This administrative maintenance requires monitoring and is, for that and other reasons, inefficient.
A second solution involves writing a program that keeps track of all outgoing ARP requests and all incoming ARP responses, and then verifies that each response has a corresponding request. This solution is described at the web site cs.sjsu.edu/faculty/stamp/students/Silky_report.pdf. With this solution, whenever a new response comes in (e.g., from an attacker), if the response is determined not to be warranted, the response is ignored. Also, the sending host's IP address can be logged (detected) for security purposes. This solution requires extra overhead for all ARP traffic. Every host on the network must run this program in order to protect its own cache. Thus, much duplication of effort is required.
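The two prior-art defenses just described, as an added illustration that is not part of the patent text or of the cited report: a host-side ARP cache guard that pins administrator-configured static entries (first solution) and accepts a reply only when a matching request is outstanding, logging any unsolicited reply (second solution). The class and the sample address values are constructed for this example.

```python
from dataclasses import dataclass, field


@dataclass
class ArpGuard:
    """Host-side ARP cache that only accepts replies matching an outstanding request.

    Hypothetical model of the two prior-art defenses: static entries that incoming
    replies cannot overwrite, and request/reply correlation for everything else.
    """
    cache: dict = field(default_factory=dict)       # ip -> mac currently trusted
    static: set = field(default_factory=set)        # ips pinned by the administrator
    pending: set = field(default_factory=set)       # ips requested and not yet resolved
    suspicious: list = field(default_factory=list)  # log of (ip, mac) from unwarranted replies

    def add_static(self, ip, mac):
        # First solution: a hard-coded entry that no ARP reply may change.
        self.cache[ip] = mac
        self.static.add(ip)

    def send_request(self, ip):
        # Second solution: remember each outgoing "who-has ip" so its reply is recognised.
        self.pending.add(ip)

    def receive_reply(self, sender_ip, sender_mac):
        """Return 'accepted' if the reply updates the cache, 'rejected' otherwise."""
        if sender_ip in self.static:
            # A reply that disagrees with a pinned entry is ignored and logged.
            if self.cache[sender_ip] != sender_mac:
                self.suspicious.append((sender_ip, sender_mac))
            return "rejected"
        if sender_ip not in self.pending:
            # No request outstanding: the reply is unwarranted, so ignore and log it.
            self.suspicious.append((sender_ip, sender_mac))
            return "rejected"
        self.pending.discard(sender_ip)
        self.cache[sender_ip] = sender_mac
        return "accepted"


def run_demo():
    """Constructed sequence: one legitimate exchange, then two unsolicited replies."""
    g = ArpGuard()
    g.add_static("10.0.0.1", "aa:aa:aa:aa:aa:01")             # gateway pinned by admin
    g.send_request("10.0.0.20")                                # host asks who-has 10.0.0.20
    r1 = g.receive_reply("10.0.0.20", "aa:aa:aa:aa:aa:20")    # matches request: accepted
    r2 = g.receive_reply("10.0.0.20", "de:ad:be:ef:00:01")    # nothing outstanding: rejected
    r3 = g.receive_reply("10.0.0.1", "de:ad:be:ef:00:01")     # contradicts static entry: rejected
    return g, (r1, r2, r3)
```

The `suspicious` list is the record the page mentions for logging the sending host for security purposes.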
The present invention recognizes that it would be desirable to implement a solution that substantially eliminates the aforementioned network attacks by ARP cache poisoning without exhibiting the limitations of the above two solutions.